Security

Y2K all over again in 2010?

A decade after the Y2K crisis, date changes still pose technology problems, making some security software upgrades difficult and locking millions of bank ATM users out of their accounts.

Chips used in bank cards to identify account numbers could not read the year 2010 properly, making it impossible for ATMs and point of sale machines in Germany to read debit cards of 30 million people since New Year's Day, according to published reports. The workaround is to reprogram the machines so the chips don't have to deal with the number.

In Australia, point-of-sales machines skipped ahead to 2016 rather than 2010 at midnight Dec. 31, rendering them unusable by retailers, some of whom reported thousands of dollars in lost sales.

Meanwhile Symantec's network-access control (NAC) software that is supposed to check whether spam and virus definitions have been updated recently enough fails because of this 2010 problem, according to one of the company's security forums.

The problem isn't with the NAC host-integrity check itself but rather with Symantec Endpoint Protection Manager, which considers dates later than Dec. 31, 2009, 11:59 p.m., as too old. The definition updates the company sends out still take effect but SEPM classifies them as out of date. The NAC software relies on SEPM to report on the currency of updates.

As an interim measure, SEPM updates are being time stamped Dec. 31, 2009, with increasing revision numbers indicating which revision is the latest, Symantec says in its forum. The company post says it is working on a permanent fix and that the issue doesn't affect any other Symantec products. The post also includes three workarounds for addressing the problem via the host-integrity check.

Also of concern to businesses, SAP found a 2010 issue with the date that is used to help identify individual spool requests. Left unpatched, SAP software enters the data 2100, which effectively leaves active all requests made since 2010 started. SAP's OSS Note 1422843 and patches it contains clear up the issue, according to the site BASIS of SAP.

Another instance of Y2010 issues arises in open source mail filter Spam Assassin, increasing the spam score it gives to e-mails that come with 2010 date headers, making it more likely that those e-mails will be classified as spam, resulting in more false positives. The Spam Assassin project has posted a fix that requires a rule change.

Some users of mobile phones report getting SMS messages time stamped from the future — the year 2016 to be exact, the same year that the Australian point of sales machines rolled to. This is no coincidence, according to comments on sites discussing the issue. 2010 represented as a binary coded decimal is being interpreted by other devices as hexadecimal, which translates 2010 to 2016, they say. One way around the SMS problem is to have individual phones stamp the time on messages as they arrive rather than using the stamp placed on it by SMS servers.

Palm resolved a 2010 issue Jan. 1 when many of its users reported that their Palm Pre phones wouldn't sync and their calendar applications wouldn't work at all. Palm issued an OS version 1.3.5.1 that fixes the problem.

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines